alpitronic Hypercharger EV charger

Risk Summary

Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data.

CVEs (1)

Remediations

• alpitronic recommends users change the default credentials for all charging devices.
• alpitronic advises that the interface should be connected only to internal segregated and access-controlled networks and not exposed to the public internet/web.
• When informed of these vulnerabilities, alpitronic, in conjunction with and/or on behalf of affected clients, disabled the interface on any exposed devices and all clients were contacted directly and reminded that the interface is not intended to be visible on the public Internet and that default passwords should be changed.
• alpitronic are also applying mitigations to all devices in the field and to new devices in production. New devices will come with unique passwords. Devices using the default password will be automatically assigned new unique passwords, or at first access if the device has not yet been installed. Devices with the default passwords already changed will not be affected. New passwords can be obtained by scanning the QR-Code inside the charger or in DMS portal hyperdoc. Contact Hypercharger support with any questions about newly assigned passwords.

Affected Vendors

Affected Products (1)

Affected Sectors

Transportation Systems